SlideShare a Scribd company logo

Fosdem2012 sayer-sems-sbc

S
stefansayer

SEMS, the SIP Express Media Server, is the media and application server counterpart to SIP Express Router aka Kamailio/OpenSER, the leading open source SIP Signalling server from iptel.org. Since 2004 SEMS has been used to implement classical value added services in VoIP networks like announcements, conferencing, voicemail and RBT, and converged services as web conferencing and voice message broadcasting. More recently, its integrated Back-to-Back User Agent has been extended and improved for flexibility and high performance, making it one of the few open source solutions for high volume session border control. But there's more to it: Thanks to its flexibility, it can also be used as core call routing element, and be a useful tool in various situations for the VoIP platform engineer. The talk will present the SEMS SBC functionality and typical performance numbers, and then show how developers can use the internal call control API to create custom call routing in the SBC with two examples: Using a RESTful interface, a web app server implemented with the Play! framework is used for user controlled call routing, and by accessing a blacklist database in REDIS, SEMS' SBC can be used to block SPIT.

1 of 31
Download to read offline
SEMS SBC Stefan Sayer CEO, FRAFOS GmbH FOSDEM 2012, 05.02.2012
Contents ● SEMS project ● The flexible, open SBC ● SBC programmability 2
The SIP Express Media Server ● Media, application server from iptel.org ● Only 1 year younger than SER (*2002) ● Widely used by carriers, ITSPs, OEMs, Universities, hobbyists 3
SEMS use cases 4
SEMS: The VAS platform ● C++, Python APIs ● DSM: State charts scripting engine 5
SBCs – what? “SBCs are SIP application servers with focus on security and isolation” 6
SBCs – the need ● Security requirements are rising → Policy enforcement and control at UNI/NNI ● Topology hiding is necessary → NAT and security ● Core call controls become big and slow → Routing and service management at NNI ● SIP implementations are buggy → “SIP normalization”, translation 7
SBCs – the special case ● On signaling and media plane ● Call stateful – high requirements for availability and scalability ● Interworking with all “SIP dialects” 8
The SEMS SBC ● Widely deployed SIP technology ● Broad range of media capabilities ● Configurable transparency ● Policy programmability – “SBC platform” 9
Signaling Features ● Topology hiding ● From, To, RURI, Contact, Call-ID manipulation ● Header and message filter ● Adding headers ● Reply code translation ● SIP authentication ● SIP Session Timer, Call Timer ● Prepaid accounting 10
Media features ● RTP anchoring / media steering ● Physical network separation ● NAT traversal, symmetric RTP (comedia style) ● Codec filter ● SDP normalization 11
Flexible profile based control sbc.conf iptelecho.sbcprofile.conf load_profiles=iptelecho URI=sip:echo@iptel.org active_profile=iptelecho From=<anonymous@mynet.net> ... To=<sip:echo@iptel.org> ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:echo@iptel.org SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <anonymous@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:echo@iptel.org> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: y76IIPf4UD68bb ... ... ● define SBC behaviour in profiles 12
Set RURI, From, To, Call-ID ... set_fromto.sbcprofile.conf URI=$tU@sbc1.mypeer.net From=<$fU@mynet.net> known To=<sip:$tU@mypeer.net> SER Call-ID=$ci_leg2 pseudo-variables ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 ... ... 13
Replacement patterns ● RURI, From, To, PAI, PPI ($r, $f, $t, $a, $p) ● Call-ID ($ci) ● src, dst IP address/port ($si, $pi, $Ri, $Rp) ● P-App-Param hdr parameter ($P(myparam)) ● Header value ($H(P-My-Header)) ● Map any value via regexp ($M(val=>map)) 14
Control SBC from proxy dynamic_rtprelay_sst.sbcprofile.conf ... enable_rtprelay=$H(P-Enable-RTPRrelay) enable_session_timer=$H(P-Enable-SST) ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 P-Enable-RTPRelay: no Session-Expires: 300 P-Enable-SST: yes ... ... 15
Profile selection ● Static ● active_profile=static_config ● Pseudo-var ipmap.conf ● active_profile=$rU ^10.0..*=>internal1 ^10.1..*=>internal2 ● Mapping urimap.conf iptel.org=>iptel ● active_profile=$M(val=>map) fliptel.com=>fliptel ● Select first matched ● active_profile=$M($si=>ipmap), $M($ru=>urimap),$H(P-SBCProfile),refuse 16
Manage SBC ● sems-sbc-* tools ● get and set active profile ● load and reload profiles ● load and reload mappings ● Track profile versions with MD5 hash ● Get statistics from monitoring 17
Processing model UDP other receiver/msg parser event sources threads Session Container RTP processing session pool event queues event processing ● Signaling: Async, one thread per call or thread pool ● Media: Sync, Thread pool 18
SEMS B2BUA architecture DIALOG DIALOG SIP message event SIP message ● Two complete, separate instances of dialog handling: Locally SIP correct 19
E.g.: Session Timers SST: refresh! Re-INVITE SDP changed? 200 Re-INVITE event: session changed 200 ● Use UPDATE or re-INVITE for refresh ● SST and timer values per leg ● Try to have e2e refresh 20
SBC programmability ● Pluggable Call Control modules for custom SBC application scenario ● e.g. policing with external data source Call control Call control Call control SBC SEMS core 21
Call control SBC-API ● V1: connect(...), start(...), end(...) ● Control SBC through call profile object ● Pattern replacements (provisioning) in both input and output ● Modules: CDR generation, call timer, prepaid, parallel calls limit, REST/http, REDIS blacklist 22
Programmability example (1) ● Call Forward settings via Web App ● Destination queried via REST interface 23
Minimal Play! Web app 24
...with CRUD module 25
REST call control module ● Using libcurl for http request ● Result expected as JSON or TEXT (key=valuen) 26
Programmability example (2) ● In-memory Blacklist DB: REDIS ● Connection pool ● Configurable command ● SMEMBER blacklist $fU ● rate limiting with ZRANGE ● More complex logic in lua ● ... 27
Programmability example (3) FRAFOS: SBC with Provisioning and OAM GUI 28
FRAFOS: SBC high availability ● Replication of call state to hot standby ● Transparent fail-over 29
SBC performance 30
Thank You. http://iptel.org/sems

Recommended

Getting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopGetting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshop
stefansayer
 
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxSIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
stefansayer
 
Asterisk: the future is at REST
Asterisk: the future is at RESTAsterisk: the future is at REST
Asterisk: the future is at REST
PaloSanto Solutions
 
Todo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXTodo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBX
PaloSanto Solutions
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source Well
Matt Bynum
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
Francesco Prior
 
Asa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsAsa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problems
IT Tech
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated new
AmolDhoke3
 

Recommended

Getting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshopGetting started with SIP Express Media Server SIP app server and SBC - workshop
Getting started with SIP Express Media Server SIP app server and SBC - workshop
stefansayer
 
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolboxSIP Express Media Server SBC application as powerful SBC and SIP toolbox
SIP Express Media Server SBC application as powerful SBC and SIP toolbox
stefansayer
 
Asterisk: the future is at REST
Asterisk: the future is at RESTAsterisk: the future is at REST
Asterisk: the future is at REST
PaloSanto Solutions
 
Todo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBXTodo lo lo que necesita saber para implementar FreePBX
Todo lo lo que necesita saber para implementar FreePBX
PaloSanto Solutions
 
LinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source WellLinuxCon North America: SIPPing from the Open Source Well
LinuxCon North America: SIPPing from the Open Source Well
Matt Bynum
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
Francesco Prior
 
Asa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problemsAsa pixfwsm multicast tips and common problems
Asa pixfwsm multicast tips and common problems
IT Tech
 
Spoto updated new
Spoto updated newSpoto updated new
Spoto updated new
AmolDhoke3
 
Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall
NetProtocol Xpert
 
Nat
NatNat
Nat
Mohamed Gamel
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
Francesco Prior
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of Asterisk
Elio Rojano
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
videos
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protection
Westermo Network Technologies
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
Flavio Eduardo de Andrade Goncalves
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
Flavio Eduardo de Andrade Goncalves
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk Platform
Hamid Fadishei
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
Cisco Security
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0
OpenFest team
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
Cisco Russia
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
Salem Trabelsi
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfv
videos
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
Mohammad Reza Kamalifard
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Duane Bodle
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPM
Alexander Shopov
 
Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
Daniel-Constantin Mierla
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as code
Damien Garros
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
BT Digital
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers Everywhere
Daniel-Constantin Mierla
 

More Related Content

What's hot

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall
NetProtocol Xpert
 
Nat
NatNat
Nat
Mohamed Gamel
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
Francesco Prior
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of Asterisk
Elio Rojano
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
videos
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protection
Westermo Network Technologies
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
Flavio Eduardo de Andrade Goncalves
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
Flavio Eduardo de Andrade Goncalves
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk Platform
Hamid Fadishei
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
Cisco Security
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0
OpenFest team
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
Cisco Russia
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
Salem Trabelsi
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfv
videos
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
Mohammad Reza Kamalifard
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Duane Bodle
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPM
Alexander Shopov
 

What's hot (18)

Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall Basic ASA Configuration, NAT in ASA Firewall
Basic ASA Configuration, NAT in ASA Firewall
 
Nat
NatNat
Nat
 
Asterisk: dongled !
Asterisk: dongled !Asterisk: dongled !
Asterisk: dongled !
 
The 12 tasks of Asterisk
The 12 tasks of AsteriskThe 12 tasks of Asterisk
The 12 tasks of Asterisk
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Best practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protectionBest practices for using VPNs for easy network-to-network protection
Best practices for using VPNs for easy network-to-network protection
 
Number one-issue-voip-today-fraud
Number one-issue-voip-today-fraudNumber one-issue-voip-today-fraud
Number one-issue-voip-today-fraud
 
No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014No More Fraud, Astricon, Las Vegas 2014
No More Fraud, Astricon, Las Vegas 2014
 
Telephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk PlatformTelephony Service Development on Asterisk Platform
Telephony Service Development on Asterisk Platform
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)
 
Pf sense 2.0
Pf sense 2.0Pf sense 2.0
Pf sense 2.0
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
2.5.1.2 packet tracer configure cisco routers for syslog, ntp, and ssh oper...
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfv
 
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونیاسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
اسلاید اول جلسه یازدهم کلاس پایتون برای هکرهای قانونی
 
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
Cisco ASA Firewall Interview Question "aka Stump-the-Chump" Question # 01
 
Bundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPMBundling Packages and Deploying Applications with RPM
Bundling Packages and Deploying Applications with RPM
 

Similar to Fosdem2012 sayer-sems-sbc

Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
Daniel-Constantin Mierla
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as code
Damien Garros
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
BT Digital
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers Everywhere
Daniel-Constantin Mierla
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
Freddy Buenaño
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
NETWAYS
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAP
Chris John Riley
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
Faisal Khan
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
Yossi Sassi
 
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios
 
Sc manual
Sc manualSc manual
Sc manual
MugdhaDeodhar
 
ZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdf
mengistuyirga
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management Automation
E.S.G. JR. Consulting, Inc.
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAP
Chris John Riley
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi
Daniele Albrizio
 
CI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioCI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailio
Aleksandar Sosic
 
Setting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerSetting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc router
Nimrod Leon Scott Kenedy
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCy
Ray Song
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
維泰 蔡
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIP
Kundan Singh
 

Similar to Fosdem2012 sayer-sems-sbc (20)

Designing High Performance RTC Signaling Servers
Designing High Performance RTC Signaling ServersDesigning High Performance RTC Signaling Servers
Designing High Performance RTC Signaling Servers
 
Banog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as codeBanog meetup August 30th, network device property as code
Banog meetup August 30th, network device property as code
 
Configure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdfConfigure Mikrotik Khmer.pdf
Configure Mikrotik Khmer.pdf
 
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers Everywhere
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your IcingaOSMC 2021 | Icinga-Installer – the easy way to your Icinga
OSMC 2021 | Icinga-Installer – the easy way to your Icinga
 
SecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAPSecZone 2011: Scrubbing SAP clean with SOAP
SecZone 2011: Scrubbing SAP clean with SOAP
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
 
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi SassiInSecure Remote Operations - NullCon 2023 by Yossi Sassi
InSecure Remote Operations - NullCon 2023 by Yossi Sassi
 
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical NagiosNagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
Nagios Conference 2014 - Leland Lammert - Distributed Heirarchical Nagios
 
Sc manual
Sc manualSc manual
Sc manual
 
ZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdfZTE FL NGN ZXSS10 Induction training manual.pdf
ZTE FL NGN ZXSS10 Induction training manual.pdf
 
CCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management AutomationCCNP Data Center Centralized Management Automation
CCNP Data Center Centralized Management Automation
 
SAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAPSAP (in)security: Scrubbing SAP clean with SOAP
SAP (in)security: Scrubbing SAP clean with SOAP
 
Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi Rete di casa e raspberry pi - Home network and Raspberry Pi
Rete di casa e raspberry pi - Home network and Raspberry Pi
 
CI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailioCI/CD and TDD in deploying kamailio
CI/CD and TDD in deploying kamailio
 
Setting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc routerSetting ubuntu server sebagai pc router
Setting ubuntu server sebagai pc router
 
r2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCyr2con 2017 r2cLEMENCy
r2con 2017 r2cLEMENCy
 
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
Linux 系統管理與安全:進階系統管理系統防駭與資訊安全
 
Introduction to VoIP using SIP
Introduction to VoIP using SIPIntroduction to VoIP using SIP
Introduction to VoIP using SIP
 

More from stefansayer

The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway
stefansayer
 
WebRTC: Why and How?
WebRTC: Why and How?WebRTC: Why and How?
WebRTC: Why and How?
stefansayer
 
FRAFOS ABC Session Border Controller
FRAFOS ABC Session Border ControllerFRAFOS ABC Session Border Controller
FRAFOS ABC Session Border Controller
stefansayer
 
Understanding Session Border Controllers
Understanding Session Border ControllersUnderstanding Session Border Controllers
Understanding Session Border Controllers
stefansayer
 
Frafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringFrafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peering
stefansayer
 
FRAFOS Secure Session Border Control
FRAFOS Secure Session Border ControlFRAFOS Secure Session Border Control
FRAFOS Secure Session Border Control
stefansayer
 
12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc
stefansayer
 

More from stefansayer (7)

The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway The FRAFOS ABC SBC WebRTC gateway
The FRAFOS ABC SBC WebRTC gateway
 
WebRTC: Why and How?
WebRTC: Why and How?WebRTC: Why and How?
WebRTC: Why and How?
 
FRAFOS ABC Session Border Controller
FRAFOS ABC Session Border ControllerFRAFOS ABC Session Border Controller
FRAFOS ABC Session Border Controller
 
Understanding Session Border Controllers
Understanding Session Border ControllersUnderstanding Session Border Controllers
Understanding Session Border Controllers
 
Frafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peeringFrafos ABC SBC - Secure peering
Frafos ABC SBC - Secure peering
 
FRAFOS Secure Session Border Control
FRAFOS Secure Session Border ControlFRAFOS Secure Session Border Control
FRAFOS Secure Session Border Control
 
12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc12 vladimir.broz-sems-sbc
12 vladimir.broz-sems-sbc
 

Recently uploaded

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 

Recently uploaded (20)

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 

Fosdem2012 sayer-sems-sbc

  • 1. SEMS SBC Stefan Sayer CEO, FRAFOS GmbH FOSDEM 2012, 05.02.2012
  • 2. Contents ● SEMS project ● The flexible, open SBC ● SBC programmability 2
  • 3. The SIP Express Media Server ● Media, application server from iptel.org ● Only 1 year younger than SER (*2002) ● Widely used by carriers, ITSPs, OEMs, Universities, hobbyists 3
  • 5. SEMS: The VAS platform ● C++, Python APIs ● DSM: State charts scripting engine 5
  • 6. SBCs – what? “SBCs are SIP application servers with focus on security and isolation” 6
  • 7. SBCs – the need ● Security requirements are rising → Policy enforcement and control at UNI/NNI ● Topology hiding is necessary → NAT and security ● Core call controls become big and slow → Routing and service management at NNI ● SIP implementations are buggy → “SIP normalization”, translation 7
  • 8. SBCs – the special case ● On signaling and media plane ● Call stateful – high requirements for availability and scalability ● Interworking with all “SIP dialects” 8
  • 9. The SEMS SBC ● Widely deployed SIP technology ● Broad range of media capabilities ● Configurable transparency ● Policy programmability – “SBC platform” 9
  • 10. Signaling Features ● Topology hiding ● From, To, RURI, Contact, Call-ID manipulation ● Header and message filter ● Adding headers ● Reply code translation ● SIP authentication ● SIP Session Timer, Call Timer ● Prepaid accounting 10
  • 11. Media features ● RTP anchoring / media steering ● Physical network separation ● NAT traversal, symmetric RTP (comedia style) ● Codec filter ● SDP normalization 11
  • 12. Flexible profile based control sbc.conf iptelecho.sbcprofile.conf load_profiles=iptelecho URI=sip:echo@iptel.org active_profile=iptelecho From=<anonymous@mynet.net> ... To=<sip:echo@iptel.org> ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:echo@iptel.org SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <anonymous@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:echo@iptel.org> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: y76IIPf4UD68bb ... ... ● define SBC behaviour in profiles 12
  • 13. Set RURI, From, To, Call-ID ... set_fromto.sbcprofile.conf URI=$tU@sbc1.mypeer.net From=<$fU@mynet.net> known To=<sip:$tU@mypeer.net> SER Call-ID=$ci_leg2 pseudo-variables ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 ... ... 13
  • 14. Replacement patterns ● RURI, From, To, PAI, PPI ($r, $f, $t, $a, $p) ● Call-ID ($ci) ● src, dst IP address/port ($si, $pi, $Ri, $Rp) ● P-App-Param hdr parameter ($P(myparam)) ● Header value ($H(P-My-Header)) ● Map any value via regexp ($M(val=>map)) 14
  • 15. Control SBC from proxy dynamic_rtprelay_sst.sbcprofile.conf ... enable_rtprelay=$H(P-Enable-RTPRrelay) enable_session_timer=$H(P-Enable-SST) ... SEMS SBC # # U 210.13.3.122:5080 -> 210.13.3.100:5060 U 210.13.3.100:5060 -> 213.192.59.75:5060 INVITE sip:+49123@osbc1.mynet.net SIP/2.0 INVITE sip:+49123@sbc1.mypeer.net SIP/2.0 From: “John” <sip:+431556221@mynet.net>;tag=12 From: <+431556221@mynet.net>;tag=3213 To: “Clara” <+49123@mynet.net> To: <sip:+49123@mypeer.net> Call-ID: 3cde5d1a960a-dez6oz34llo4 Call-ID: 3cde5d1a960a-dez6oz34llo4_leg2 P-Enable-RTPRelay: no Session-Expires: 300 P-Enable-SST: yes ... ... 15
  • 16. Profile selection ● Static ● active_profile=static_config ● Pseudo-var ipmap.conf ● active_profile=$rU ^10.0..*=>internal1 ^10.1..*=>internal2 ● Mapping urimap.conf iptel.org=>iptel ● active_profile=$M(val=>map) fliptel.com=>fliptel ● Select first matched ● active_profile=$M($si=>ipmap), $M($ru=>urimap),$H(P-SBCProfile),refuse 16
  • 17. Manage SBC ● sems-sbc-* tools ● get and set active profile ● load and reload profiles ● load and reload mappings ● Track profile versions with MD5 hash ● Get statistics from monitoring 17
  • 18. Processing model UDP other receiver/msg parser event sources threads Session Container RTP processing session pool event queues event processing ● Signaling: Async, one thread per call or thread pool ● Media: Sync, Thread pool 18
  • 19. SEMS B2BUA architecture DIALOG DIALOG SIP message event SIP message ● Two complete, separate instances of dialog handling: Locally SIP correct 19
  • 20. E.g.: Session Timers SST: refresh! Re-INVITE SDP changed? 200 Re-INVITE event: session changed 200 ● Use UPDATE or re-INVITE for refresh ● SST and timer values per leg ● Try to have e2e refresh 20
  • 21. SBC programmability ● Pluggable Call Control modules for custom SBC application scenario ● e.g. policing with external data source Call control Call control Call control SBC SEMS core 21
  • 22. Call control SBC-API ● V1: connect(...), start(...), end(...) ● Control SBC through call profile object ● Pattern replacements (provisioning) in both input and output ● Modules: CDR generation, call timer, prepaid, parallel calls limit, REST/http, REDIS blacklist 22
  • 23. Programmability example (1) ● Call Forward settings via Web App ● Destination queried via REST interface 23
  • 26. REST call control module ● Using libcurl for http request ● Result expected as JSON or TEXT (key=valuen) 26
  • 27. Programmability example (2) ● In-memory Blacklist DB: REDIS ● Connection pool ● Configurable command ● SMEMBER blacklist $fU ● rate limiting with ZRANGE ● More complex logic in lua ● ... 27
  • 28. Programmability example (3) FRAFOS: SBC with Provisioning and OAM GUI 28
  • 29. FRAFOS: SBC high availability ● Replication of call state to hot standby ● Transparent fail-over 29